Ed Skoudis wrote:Hello, Challenge Fans! We're back with this year's Holiday Hacking Challenge, our tenth annual installment and our biggest and best ever. This one's based on that classic holiday movie, It's a Wonderful Life. Working through this challenge, you'll explore numerous features of CyberCity, the kinetic cyber range SANS built to help train people about the kinetic impact of cyber attacks and how to defend critical infrastructures. You'll analyze numerous attacks against the real-world industrial control systems and related components of CyberCity, trying to figure out how the bad guys targeted and exploited the town. Along the way, you'll also see several defenses that blocked many of the attackers' attempts, and you'll help ensure that the head of security of the town, George Bailey, has a happy holiday season.

This year's Holiday Hacking challenge is sponsored by SANS CyberCon, a complete SANS conference and training event held virtually across the Internet. Our grand prize for the very best answer is a free SANS course offered at CyberCon February 10-15, 2014, an over $4,000 value! Details of the contest follow the challenge below.

Just a heads up - my Anti-Virus went NUTS when I tried to download this.

One of the questions for the challenge is "Please describe each of the unsuccessful attacks Mr. Potter's goons attempted against Bedford Falls infrastructure" so I'm guessing there are some well know viruses or payloads in there that a NIDS or equivalent blocked, which my AV is picking up on.

To work with the the pcap I had to disable my AV, and if they've put live attack code in there (which would be silly SANS....) you may be setting yourself up for a compromised system, so as always - do this in a through-away VM that is NOT network connected.